NSA: Disrupting Russian cyber interference in 2018 midterm elections helped US prepare for 2020

The nation’s top cyber defense chief said the U.S. government’s ramped-up efforts in cyberspace were key to disrupting a Russian interference effort during the 2018 midterms and promised it would do even more to protect the 2020 presidential election.

Paul Miki Nakasone, a general in the Army who is both commander of U.S. Cyber Command and director of the National Security Agency, penned an op-ed for Foreign Affairs on Tuesday with Cybercom senior adviser Michael Sulmeyer, laying out how Cybercom and the NSA “worked together to protect against meddling in the 2018 midterm elections.” Nakasone pointed to the creation of the Russia Small Group, which he described as “a task force created to ensure that democratic processes were executed unfettered by Russian activity” that aided the Department of Homeland Security and FBI in countering Russian meddling. He also highlighted Cybercom sending personnel out on “several hunt forward missions, where governments had invited them to search for malware on their networks.”

The general credited these aggressive “defend forward” tactics and newly acquired authorities by U.S. agencies in discussing how the “United States disrupted a concerted effort to undermine the midterm elections.” He vowed that “together with its partners, Cyber Command is doing all of this and more for the 2020 elections.”

The U.S. intelligence community concluded this month that the Russian government is “using a range of measures to primarily denigrate” 2020 Democratic nominee former Vice President Joe Biden. The spy agencies also assessed that the Chinese Communist Party wants Trump to lose reelection and “has been expanding its influence efforts ahead of November 2020 to shape the policy environment” in the U.S. and that the Iranian regime “seeks to undermine U.S. democratic institutions, President Trump, and to divide the country in advance of the 2020 elections.”

The level of detail provided by Nakasone on Tuesday was unusual for an official in his position and seemed to confirm prior reporting about the U.S. government’s successful efforts to combat Russian meddling two years ago. CNN reported in October 2018 that Cybercom had “begun targeting Russian operatives believed to be attempting to influence the 2018 midterm elections as part of a broad effort in coordination with several government agencies,” that “the operations are aimed at making meddling more difficult,” and that the “tactics being deployed include sending phishing messages to suspected cyber operatives.” The Washington Post reported in February 2019 that as voters went to the polls the previous November, the U.S. military “blocked Internet access to an infamous Russian entity [the Internet Research Agency] seeking to sow discord among Americans during the 2018 midterms” as “part of the first offensive cyber campaign against Russia designed to thwart attempts to interfere with a U.S. election.”

Trump confirmed in an Oval Office interview with the Washington Post in June that he had authorized the cyberattack that took offline the troll farm, which was mentioned throughout special counsel Robert Mueller’s report.

Nakasone had testified before the Senate Armed Services Committee in February 2019. He said that in 2018, “for the first time, we sent our cyberwarriors abroad to secure networks outside the DOD information network” and that “our No. 1 priority was the defense of the midterm elections.”

The general said Tuesday that Cybercom officials conducted another recent “defend forward” operation, this one in Montenegro beginning in October 2019, noting that the country has faced “increased harassment” from Russia since joining NATO in 2017 and that the Cybercom team landed in the country’s capital to “investigate signs that hackers had penetrated the Montenegrin government’s networks.” He said that “the team saw an opportunity to improve American cyber defenses ahead of the 2020 election.” The general added: “The hunt forward mission to Montenegro represented a new, more proactive strategy to counter online threats that reflects Cyber Command’s evolution over the last 10 years from a reactive, defensive posture to a more effective, proactive posture called persistent engagement.”

The NSA chief pointed to cyberthreats from a number of foes. He argued that Russia “uses cyberspace for espionage and theft and to disrupt U.S. infrastructure while attempting to erode confidence in the nation’s democratic processes.” He claimed that China “uses cyber capabilities to steal sensitive data, intellectual property, and personal data from the U.S. government and U.S. businesses at great cost to the U.S. economy and national security,” pointing to Chinese efforts to steal coronavirus research and noting that China “supplements those cyberspace operations with influence campaigns to obscure international narratives about their activities.” He said that Iran “undertakes online influence campaigns, espionage efforts, and outright attacks against government and industrial sectors”; that North Korea “flouts sanctions by hacking international financial networks and cryptocurrency exchanges to generate revenue that funds its weapons development activities”; and that “violent extremist organizations” such as the Islamic State “have used the internet to recruit terrorists, raise funds, direct violent attacks, and disseminate gruesome propaganda.”

John Bolton, then the White House national security adviser, announced in September 2018 that Trump had signed a new presidential directive “on cyber offensive operations,” titled National Security Presidential Memorandum 13 and described as “on offensive cyber operations,” to loosen Obama-era restrictions on military cyber operations, though much of the directive remains secret. It was reported by Yahoo News in July that the CIA was also granted broader cyberpowers in 2018 to counter the digital threats posed by Russia, China, Iran, and North Korea.
